1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 //! Data structures and encoding for refunds.
12 //! A [`Refund`] is an "offer for money" and is typically constructed by a merchant and presented
13 //! directly to the customer. The recipient responds with an [`Invoice`] to be paid.
15 //! This is an [`InvoiceRequest`] produced *not* in response to an [`Offer`].
17 //! [`Invoice`]: crate::offers::invoice::Invoice
18 //! [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
19 //! [`Offer`]: crate::offers::offer::Offer
22 //! extern crate bitcoin;
23 //! extern crate core;
24 //! extern crate lightning;
26 //! use core::convert::TryFrom;
27 //! use core::time::Duration;
29 //! use bitcoin::network::constants::Network;
30 //! use bitcoin::secp256k1::{KeyPair, PublicKey, Secp256k1, SecretKey};
31 //! use lightning::offers::parse::ParseError;
32 //! use lightning::offers::refund::{Refund, RefundBuilder};
33 //! use lightning::util::ser::{Readable, Writeable};
35 //! # use lightning::blinded_path::BlindedPath;
36 //! # #[cfg(feature = "std")]
37 //! # use std::time::SystemTime;
39 //! # fn create_blinded_path() -> BlindedPath { unimplemented!() }
40 //! # fn create_another_blinded_path() -> BlindedPath { unimplemented!() }
42 //! # #[cfg(feature = "std")]
43 //! # fn build() -> Result<(), ParseError> {
44 //! let secp_ctx = Secp256k1::new();
45 //! let keys = KeyPair::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
46 //! let pubkey = PublicKey::from(keys);
48 //! let expiration = SystemTime::now() + Duration::from_secs(24 * 60 * 60);
49 //! let refund = RefundBuilder::new("coffee, large".to_string(), vec![1; 32], pubkey, 20_000)?
50 //! .absolute_expiry(expiration.duration_since(SystemTime::UNIX_EPOCH).unwrap())
51 //! .issuer("Foo Bar".to_string())
52 //! .path(create_blinded_path())
53 //! .path(create_another_blinded_path())
54 //! .chain(Network::Bitcoin)
55 //! .payer_note("refund for order #12345".to_string())
58 //! // Encode as a bech32 string for use in a QR code.
59 //! let encoded_refund = refund.to_string();
61 //! // Parse from a bech32 string after scanning from a QR code.
62 //! let refund = encoded_refund.parse::<Refund>()?;
64 //! // Encode refund as raw bytes.
65 //! let mut bytes = Vec::new();
66 //! refund.write(&mut bytes).unwrap();
68 //! // Decode raw bytes into an refund.
69 //! let refund = Refund::try_from(bytes)?;
74 use bitcoin::blockdata::constants::ChainHash;
75 use bitcoin::network::constants::Network;
76 use bitcoin::secp256k1::{PublicKey, Secp256k1, self};
77 use core::convert::TryFrom;
79 use core::str::FromStr;
80 use core::time::Duration;
81 use crate::chain::keysinterface::EntropySource;
83 use crate::blinded_path::BlindedPath;
84 use crate::ln::PaymentHash;
85 use crate::ln::features::InvoiceRequestFeatures;
86 use crate::ln::inbound_payment::{ExpandedKey, IV_LEN, Nonce};
87 use crate::ln::msgs::{DecodeError, MAX_VALUE_MSAT};
88 use crate::offers::invoice::{BlindedPayInfo, DerivedSigningPubkey, ExplicitSigningPubkey, InvoiceBuilder};
89 use crate::offers::invoice_request::{InvoiceRequestTlvStream, InvoiceRequestTlvStreamRef};
90 use crate::offers::offer::{OfferTlvStream, OfferTlvStreamRef};
91 use crate::offers::parse::{Bech32Encode, ParseError, ParsedMessage, SemanticError};
92 use crate::offers::payer::{PayerContents, PayerTlvStream, PayerTlvStreamRef};
93 use crate::offers::signer::{Metadata, MetadataMaterial, self};
94 use crate::util::ser::{SeekReadable, WithoutLength, Writeable, Writer};
95 use crate::util::string::PrintableString;
97 use crate::prelude::*;
99 #[cfg(feature = "std")]
100 use std::time::SystemTime;
102 pub(super) const IV_BYTES: &[u8; IV_LEN] = b"LDK Refund ~~~~~";
104 /// Builds a [`Refund`] for the "offer for money" flow.
106 /// See [module-level documentation] for usage.
108 /// [module-level documentation]: self
109 pub struct RefundBuilder<'a, T: secp256k1::Signing> {
110 refund: RefundContents,
111 secp_ctx: Option<&'a Secp256k1<T>>,
114 impl<'a> RefundBuilder<'a, secp256k1::SignOnly> {
115 /// Creates a new builder for a refund using the [`Refund::payer_id`] for the public node id to
116 /// send to if no [`Refund::paths`] are set. Otherwise, it may be a transient pubkey.
118 /// Additionally, sets the required [`Refund::description`], [`Refund::metadata`], and
119 /// [`Refund::amount_msats`].
121 description: String, metadata: Vec<u8>, payer_id: PublicKey, amount_msats: u64
122 ) -> Result<Self, SemanticError> {
123 if amount_msats > MAX_VALUE_MSAT {
124 return Err(SemanticError::InvalidAmount);
127 let metadata = Metadata::Bytes(metadata);
129 refund: RefundContents {
130 payer: PayerContents(metadata), description, absolute_expiry: None, issuer: None,
131 paths: None, chain: None, amount_msats, features: InvoiceRequestFeatures::empty(),
132 quantity: None, payer_id, payer_note: None,
139 impl<'a, T: secp256k1::Signing> RefundBuilder<'a, T> {
140 /// Similar to [`RefundBuilder::new`] except, if [`RefundBuilder::path`] is called, the payer id
141 /// is derived from the given [`ExpandedKey`] and nonce. This provides sender privacy by using a
142 /// different payer id for each refund, assuming a different nonce is used. Otherwise, the
143 /// provided `node_id` is used for the payer id.
145 /// Also, sets the metadata when [`RefundBuilder::build`] is called such that it can be used to
146 /// verify that an [`InvoiceRequest`] was produced for the refund given an [`ExpandedKey`].
148 /// [`InvoiceRequest`]: crate::offers::invoice_request::InvoiceRequest
149 /// [`ExpandedKey`]: crate::ln::inbound_payment::ExpandedKey
150 pub fn deriving_payer_id<ES: Deref>(
151 description: String, node_id: PublicKey, expanded_key: &ExpandedKey, entropy_source: ES,
152 secp_ctx: &'a Secp256k1<T>, amount_msats: u64
153 ) -> Result<Self, SemanticError> where ES::Target: EntropySource {
154 if amount_msats > MAX_VALUE_MSAT {
155 return Err(SemanticError::InvalidAmount);
158 let nonce = Nonce::from_entropy_source(entropy_source);
159 let derivation_material = MetadataMaterial::new(nonce, expanded_key, IV_BYTES);
160 let metadata = Metadata::DerivedSigningPubkey(derivation_material);
162 refund: RefundContents {
163 payer: PayerContents(metadata), description, absolute_expiry: None, issuer: None,
164 paths: None, chain: None, amount_msats, features: InvoiceRequestFeatures::empty(),
165 quantity: None, payer_id: node_id, payer_note: None,
167 secp_ctx: Some(secp_ctx),
171 /// Sets the [`Refund::absolute_expiry`] as seconds since the Unix epoch. Any expiry that has
172 /// already passed is valid and can be checked for using [`Refund::is_expired`].
174 /// Successive calls to this method will override the previous setting.
175 pub fn absolute_expiry(mut self, absolute_expiry: Duration) -> Self {
176 self.refund.absolute_expiry = Some(absolute_expiry);
180 /// Sets the [`Refund::issuer`].
182 /// Successive calls to this method will override the previous setting.
183 pub fn issuer(mut self, issuer: String) -> Self {
184 self.refund.issuer = Some(issuer);
188 /// Adds a blinded path to [`Refund::paths`]. Must include at least one path if only connected
189 /// by private channels or if [`Refund::payer_id`] is not a public node id.
191 /// Successive calls to this method will add another blinded path. Caller is responsible for not
192 /// adding duplicate paths.
193 pub fn path(mut self, path: BlindedPath) -> Self {
194 self.refund.paths.get_or_insert_with(Vec::new).push(path);
198 /// Sets the [`Refund::chain`] of the given [`Network`] for paying an invoice. If not
199 /// called, [`Network::Bitcoin`] is assumed.
201 /// Successive calls to this method will override the previous setting.
202 pub fn chain(mut self, network: Network) -> Self {
203 self.refund.chain = Some(ChainHash::using_genesis_block(network));
207 /// Sets [`Refund::quantity`] of items. This is purely for informational purposes. It is useful
208 /// when the refund pertains to an [`Invoice`] that paid for more than one item from an
209 /// [`Offer`] as specified by [`InvoiceRequest::quantity`].
211 /// Successive calls to this method will override the previous setting.
213 /// [`Invoice`]: crate::offers::invoice::Invoice
214 /// [`InvoiceRequest::quantity`]: crate::offers::invoice_request::InvoiceRequest::quantity
215 /// [`Offer`]: crate::offers::offer::Offer
216 pub fn quantity(mut self, quantity: u64) -> Self {
217 self.refund.quantity = Some(quantity);
221 /// Sets the [`Refund::payer_note`].
223 /// Successive calls to this method will override the previous setting.
224 pub fn payer_note(mut self, payer_note: String) -> Self {
225 self.refund.payer_note = Some(payer_note);
229 /// Builds a [`Refund`] after checking for valid semantics.
230 pub fn build(mut self) -> Result<Refund, SemanticError> {
231 if self.refund.chain() == self.refund.implied_chain() {
232 self.refund.chain = None;
235 // Create the metadata for stateless verification of an Invoice.
236 if self.refund.payer.0.has_derivation_material() {
237 let mut metadata = core::mem::take(&mut self.refund.payer.0);
239 if self.refund.paths.is_none() {
240 metadata = metadata.without_keys();
243 let mut tlv_stream = self.refund.as_tlv_stream();
244 tlv_stream.0.metadata = None;
245 if metadata.derives_keys() {
246 tlv_stream.2.payer_id = None;
249 let (derived_metadata, keys) = metadata.derive_from(tlv_stream, self.secp_ctx);
250 metadata = derived_metadata;
251 if let Some(keys) = keys {
252 self.refund.payer_id = keys.public_key();
255 self.refund.payer.0 = metadata;
258 let mut bytes = Vec::new();
259 self.refund.write(&mut bytes).unwrap();
261 Ok(Refund { bytes, contents: self.refund })
266 impl<'a, T: secp256k1::Signing> RefundBuilder<'a, T> {
267 fn features_unchecked(mut self, features: InvoiceRequestFeatures) -> Self {
268 self.refund.features = features;
273 /// A `Refund` is a request to send an [`Invoice`] without a preceding [`Offer`].
275 /// Typically, after an invoice is paid, the recipient may publish a refund allowing the sender to
276 /// recoup their funds. A refund may be used more generally as an "offer for money", such as with a
279 /// [`Invoice`]: crate::offers::invoice::Invoice
280 /// [`Offer`]: crate::offers::offer::Offer
281 #[derive(Clone, Debug)]
282 #[cfg_attr(test, derive(PartialEq))]
284 pub(super) bytes: Vec<u8>,
285 pub(super) contents: RefundContents,
288 /// The contents of a [`Refund`], which may be shared with an [`Invoice`].
290 /// [`Invoice`]: crate::offers::invoice::Invoice
291 #[derive(Clone, Debug)]
292 #[cfg_attr(test, derive(PartialEq))]
293 pub(super) struct RefundContents {
294 payer: PayerContents,
297 absolute_expiry: Option<Duration>,
298 issuer: Option<String>,
299 paths: Option<Vec<BlindedPath>>,
300 // invoice_request fields
301 chain: Option<ChainHash>,
303 features: InvoiceRequestFeatures,
304 quantity: Option<u64>,
306 payer_note: Option<String>,
310 /// A complete description of the purpose of the refund. Intended to be displayed to the user
311 /// but with the caveat that it has not been verified in any way.
312 pub fn description(&self) -> PrintableString {
313 PrintableString(&self.contents.description)
316 /// Duration since the Unix epoch when an invoice should no longer be sent.
318 /// If `None`, the refund does not expire.
319 pub fn absolute_expiry(&self) -> Option<Duration> {
320 self.contents.absolute_expiry
323 /// Whether the refund has expired.
324 #[cfg(feature = "std")]
325 pub fn is_expired(&self) -> bool {
326 self.contents.is_expired()
329 /// The issuer of the refund, possibly beginning with `user@domain` or `domain`. Intended to be
330 /// displayed to the user but with the caveat that it has not been verified in any way.
331 pub fn issuer(&self) -> Option<PrintableString> {
332 self.contents.issuer.as_ref().map(|issuer| PrintableString(issuer.as_str()))
335 /// Paths to the sender originating from publicly reachable nodes. Blinded paths provide sender
336 /// privacy by obfuscating its node id.
337 pub fn paths(&self) -> &[BlindedPath] {
338 self.contents.paths.as_ref().map(|paths| paths.as_slice()).unwrap_or(&[])
341 /// An unpredictable series of bytes, typically containing information about the derivation of
344 /// [`payer_id`]: Self::payer_id
345 pub fn metadata(&self) -> &[u8] {
346 self.contents.metadata()
349 /// A chain that the refund is valid for.
350 pub fn chain(&self) -> ChainHash {
351 self.contents.chain.unwrap_or_else(|| self.contents.implied_chain())
354 /// The amount to refund in msats (i.e., the minimum lightning-payable unit for [`chain`]).
356 /// [`chain`]: Self::chain
357 pub fn amount_msats(&self) -> u64 {
358 self.contents.amount_msats
361 /// Features pertaining to requesting an invoice.
362 pub fn features(&self) -> &InvoiceRequestFeatures {
363 &self.contents.features
366 /// The quantity of an item that refund is for.
367 pub fn quantity(&self) -> Option<u64> {
368 self.contents.quantity
371 /// A public node id to send to in the case where there are no [`paths`]. Otherwise, a possibly
372 /// transient pubkey.
374 /// [`paths`]: Self::paths
375 pub fn payer_id(&self) -> PublicKey {
376 self.contents.payer_id
379 /// Payer provided note to include in the invoice.
380 pub fn payer_note(&self) -> Option<PrintableString> {
381 self.contents.payer_note.as_ref().map(|payer_note| PrintableString(payer_note.as_str()))
384 /// Creates an [`InvoiceBuilder`] for the refund with the given required fields and using the
385 /// [`Duration`] since [`std::time::SystemTime::UNIX_EPOCH`] as the creation time.
387 /// See [`Refund::respond_with_no_std`] for further details where the aforementioned creation
388 /// time is used for the `created_at` parameter.
390 /// [`Duration`]: core::time::Duration
391 #[cfg(feature = "std")]
393 &self, payment_paths: Vec<(BlindedPath, BlindedPayInfo)>, payment_hash: PaymentHash,
394 signing_pubkey: PublicKey,
395 ) -> Result<InvoiceBuilder<ExplicitSigningPubkey>, SemanticError> {
396 let created_at = std::time::SystemTime::now()
397 .duration_since(std::time::SystemTime::UNIX_EPOCH)
398 .expect("SystemTime::now() should come after SystemTime::UNIX_EPOCH");
400 self.respond_with_no_std(payment_paths, payment_hash, signing_pubkey, created_at)
403 /// Creates an [`InvoiceBuilder`] for the refund with the given required fields.
405 /// Unless [`InvoiceBuilder::relative_expiry`] is set, the invoice will expire two hours after
406 /// `created_at`, which is used to set [`Invoice::created_at`]. Useful for `no-std` builds where
407 /// [`std::time::SystemTime`] is not available.
409 /// The caller is expected to remember the preimage of `payment_hash` in order to
410 /// claim a payment for the invoice.
412 /// The `signing_pubkey` is required to sign the invoice since refunds are not in response to an
413 /// offer, which does have a `signing_pubkey`.
415 /// The `payment_paths` parameter is useful for maintaining the payment recipient's privacy. It
416 /// must contain one or more elements ordered from most-preferred to least-preferred, if there's
417 /// a preference. Note, however, that any privacy is lost if a public node id is used for
418 /// `signing_pubkey`.
420 /// Errors if the request contains unknown required features.
422 /// [`Invoice::created_at`]: crate::offers::invoice::Invoice::created_at
423 pub fn respond_with_no_std(
424 &self, payment_paths: Vec<(BlindedPath, BlindedPayInfo)>, payment_hash: PaymentHash,
425 signing_pubkey: PublicKey, created_at: Duration
426 ) -> Result<InvoiceBuilder<ExplicitSigningPubkey>, SemanticError> {
427 if self.features().requires_unknown_bits() {
428 return Err(SemanticError::UnknownRequiredFeatures);
431 InvoiceBuilder::for_refund(self, payment_paths, created_at, payment_hash, signing_pubkey)
434 /// Creates an [`InvoiceBuilder`] for the refund using the given required fields and that uses
435 /// derived signing keys to sign the [`Invoice`].
437 /// See [`Refund::respond_with`] for further details.
439 /// [`Invoice`]: crate::offers::invoice::Invoice
440 #[cfg(feature = "std")]
441 pub fn respond_using_derived_keys<ES: Deref>(
442 &self, payment_paths: Vec<(BlindedPath, BlindedPayInfo)>, payment_hash: PaymentHash,
443 expanded_key: &ExpandedKey, entropy_source: ES
444 ) -> Result<InvoiceBuilder<DerivedSigningPubkey>, SemanticError>
446 ES::Target: EntropySource,
448 let created_at = std::time::SystemTime::now()
449 .duration_since(std::time::SystemTime::UNIX_EPOCH)
450 .expect("SystemTime::now() should come after SystemTime::UNIX_EPOCH");
452 self.respond_using_derived_keys_no_std(
453 payment_paths, payment_hash, created_at, expanded_key, entropy_source
457 /// Creates an [`InvoiceBuilder`] for the refund using the given required fields and that uses
458 /// derived signing keys to sign the [`Invoice`].
460 /// See [`Refund::respond_with_no_std`] for further details.
462 /// [`Invoice`]: crate::offers::invoice::Invoice
463 pub fn respond_using_derived_keys_no_std<ES: Deref>(
464 &self, payment_paths: Vec<(BlindedPath, BlindedPayInfo)>, payment_hash: PaymentHash,
465 created_at: core::time::Duration, expanded_key: &ExpandedKey, entropy_source: ES
466 ) -> Result<InvoiceBuilder<DerivedSigningPubkey>, SemanticError>
468 ES::Target: EntropySource,
470 if self.features().requires_unknown_bits() {
471 return Err(SemanticError::UnknownRequiredFeatures);
474 let nonce = Nonce::from_entropy_source(entropy_source);
475 let keys = signer::derive_keys(nonce, expanded_key);
476 InvoiceBuilder::for_refund_using_keys(self, payment_paths, created_at, payment_hash, keys)
480 fn as_tlv_stream(&self) -> RefundTlvStreamRef {
481 self.contents.as_tlv_stream()
485 impl AsRef<[u8]> for Refund {
486 fn as_ref(&self) -> &[u8] {
491 impl RefundContents {
492 #[cfg(feature = "std")]
493 pub(super) fn is_expired(&self) -> bool {
494 match self.absolute_expiry {
495 Some(seconds_from_epoch) => match SystemTime::UNIX_EPOCH.elapsed() {
496 Ok(elapsed) => elapsed > seconds_from_epoch,
503 pub(super) fn metadata(&self) -> &[u8] {
504 self.payer.0.as_bytes().map(|bytes| bytes.as_slice()).unwrap_or(&[])
507 pub(super) fn chain(&self) -> ChainHash {
508 self.chain.unwrap_or_else(|| self.implied_chain())
511 pub fn implied_chain(&self) -> ChainHash {
512 ChainHash::using_genesis_block(Network::Bitcoin)
515 pub(super) fn derives_keys(&self) -> bool {
516 self.payer.0.derives_keys()
519 pub(super) fn payer_id(&self) -> PublicKey {
523 pub(super) fn as_tlv_stream(&self) -> RefundTlvStreamRef {
524 let payer = PayerTlvStreamRef {
525 metadata: self.payer.0.as_bytes(),
528 let offer = OfferTlvStreamRef {
533 description: Some(&self.description),
535 absolute_expiry: self.absolute_expiry.map(|duration| duration.as_secs()),
536 paths: self.paths.as_ref(),
537 issuer: self.issuer.as_ref(),
543 if self.features == InvoiceRequestFeatures::empty() { None }
544 else { Some(&self.features) }
547 let invoice_request = InvoiceRequestTlvStreamRef {
548 chain: self.chain.as_ref(),
549 amount: Some(self.amount_msats),
551 quantity: self.quantity,
552 payer_id: Some(&self.payer_id),
553 payer_note: self.payer_note.as_ref(),
556 (payer, offer, invoice_request)
560 impl Writeable for Refund {
561 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
562 WithoutLength(&self.bytes).write(writer)
566 impl Writeable for RefundContents {
567 fn write<W: Writer>(&self, writer: &mut W) -> Result<(), io::Error> {
568 self.as_tlv_stream().write(writer)
572 type RefundTlvStream = (PayerTlvStream, OfferTlvStream, InvoiceRequestTlvStream);
574 type RefundTlvStreamRef<'a> = (
575 PayerTlvStreamRef<'a>,
576 OfferTlvStreamRef<'a>,
577 InvoiceRequestTlvStreamRef<'a>,
580 impl SeekReadable for RefundTlvStream {
581 fn read<R: io::Read + io::Seek>(r: &mut R) -> Result<Self, DecodeError> {
582 let payer = SeekReadable::read(r)?;
583 let offer = SeekReadable::read(r)?;
584 let invoice_request = SeekReadable::read(r)?;
586 Ok((payer, offer, invoice_request))
590 impl Bech32Encode for Refund {
591 const BECH32_HRP: &'static str = "lnr";
594 impl FromStr for Refund {
595 type Err = ParseError;
597 fn from_str(s: &str) -> Result<Self, <Self as FromStr>::Err> {
598 Refund::from_bech32_str(s)
602 impl TryFrom<Vec<u8>> for Refund {
603 type Error = ParseError;
605 fn try_from(bytes: Vec<u8>) -> Result<Self, Self::Error> {
606 let refund = ParsedMessage::<RefundTlvStream>::try_from(bytes)?;
607 let ParsedMessage { bytes, tlv_stream } = refund;
608 let contents = RefundContents::try_from(tlv_stream)?;
610 Ok(Refund { bytes, contents })
614 impl TryFrom<RefundTlvStream> for RefundContents {
615 type Error = SemanticError;
617 fn try_from(tlv_stream: RefundTlvStream) -> Result<Self, Self::Error> {
619 PayerTlvStream { metadata: payer_metadata },
621 chains, metadata, currency, amount: offer_amount, description,
622 features: offer_features, absolute_expiry, paths, issuer, quantity_max, node_id,
624 InvoiceRequestTlvStream { chain, amount, features, quantity, payer_id, payer_note },
627 let payer = match payer_metadata {
628 None => return Err(SemanticError::MissingPayerMetadata),
629 Some(metadata) => PayerContents(Metadata::Bytes(metadata)),
632 if metadata.is_some() {
633 return Err(SemanticError::UnexpectedMetadata);
636 if chains.is_some() {
637 return Err(SemanticError::UnexpectedChain);
640 if currency.is_some() || offer_amount.is_some() {
641 return Err(SemanticError::UnexpectedAmount);
644 let description = match description {
645 None => return Err(SemanticError::MissingDescription),
646 Some(description) => description,
649 if offer_features.is_some() {
650 return Err(SemanticError::UnexpectedFeatures);
653 let absolute_expiry = absolute_expiry.map(Duration::from_secs);
655 if quantity_max.is_some() {
656 return Err(SemanticError::UnexpectedQuantity);
659 if node_id.is_some() {
660 return Err(SemanticError::UnexpectedSigningPubkey);
663 let amount_msats = match amount {
664 None => return Err(SemanticError::MissingAmount),
665 Some(amount_msats) if amount_msats > MAX_VALUE_MSAT => {
666 return Err(SemanticError::InvalidAmount);
668 Some(amount_msats) => amount_msats,
671 let features = features.unwrap_or_else(InvoiceRequestFeatures::empty);
673 let payer_id = match payer_id {
674 None => return Err(SemanticError::MissingPayerId),
675 Some(payer_id) => payer_id,
679 payer, description, absolute_expiry, issuer, paths, chain, amount_msats, features,
680 quantity, payer_id, payer_note,
685 impl core::fmt::Display for Refund {
686 fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
687 self.fmt_bech32_str(f)
693 use super::{Refund, RefundBuilder, RefundTlvStreamRef};
695 use bitcoin::blockdata::constants::ChainHash;
696 use bitcoin::network::constants::Network;
697 use bitcoin::secp256k1::{KeyPair, Secp256k1, SecretKey};
698 use core::convert::TryFrom;
699 use core::time::Duration;
700 use crate::blinded_path::{BlindedHop, BlindedPath};
701 use crate::chain::keysinterface::KeyMaterial;
702 use crate::ln::features::{InvoiceRequestFeatures, OfferFeatures};
703 use crate::ln::inbound_payment::ExpandedKey;
704 use crate::ln::msgs::{DecodeError, MAX_VALUE_MSAT};
705 use crate::offers::invoice_request::InvoiceRequestTlvStreamRef;
706 use crate::offers::offer::OfferTlvStreamRef;
707 use crate::offers::parse::{ParseError, SemanticError};
708 use crate::offers::payer::PayerTlvStreamRef;
709 use crate::offers::test_utils::*;
710 use crate::util::ser::{BigSize, Writeable};
711 use crate::util::string::PrintableString;
714 fn to_bytes(&self) -> Vec<u8>;
717 impl<'a> ToBytes for RefundTlvStreamRef<'a> {
718 fn to_bytes(&self) -> Vec<u8> {
719 let mut buffer = Vec::new();
720 self.write(&mut buffer).unwrap();
726 fn builds_refund_with_defaults() {
727 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
730 let mut buffer = Vec::new();
731 refund.write(&mut buffer).unwrap();
733 assert_eq!(refund.bytes, buffer.as_slice());
734 assert_eq!(refund.metadata(), &[1; 32]);
735 assert_eq!(refund.description(), PrintableString("foo"));
736 assert_eq!(refund.absolute_expiry(), None);
737 #[cfg(feature = "std")]
738 assert!(!refund.is_expired());
739 assert_eq!(refund.paths(), &[]);
740 assert_eq!(refund.issuer(), None);
741 assert_eq!(refund.chain(), ChainHash::using_genesis_block(Network::Bitcoin));
742 assert_eq!(refund.amount_msats(), 1000);
743 assert_eq!(refund.features(), &InvoiceRequestFeatures::empty());
744 assert_eq!(refund.payer_id(), payer_pubkey());
745 assert_eq!(refund.payer_note(), None);
748 refund.as_tlv_stream(),
750 PayerTlvStreamRef { metadata: Some(&vec![1; 32]) },
756 description: Some(&String::from("foo")),
758 absolute_expiry: None,
764 InvoiceRequestTlvStreamRef {
769 payer_id: Some(&payer_pubkey()),
775 if let Err(e) = Refund::try_from(buffer) {
776 panic!("error parsing refund: {:?}", e);
781 fn fails_building_refund_with_invalid_amount() {
782 match RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), MAX_VALUE_MSAT + 1) {
783 Ok(_) => panic!("expected error"),
784 Err(e) => assert_eq!(e, SemanticError::InvalidAmount),
789 fn builds_refund_with_metadata_derived() {
790 let desc = "foo".to_string();
791 let node_id = payer_pubkey();
792 let expanded_key = ExpandedKey::new(&KeyMaterial([42; 32]));
793 let entropy = FixedEntropy {};
794 let secp_ctx = Secp256k1::new();
796 let refund = RefundBuilder
797 ::deriving_payer_id(desc, node_id, &expanded_key, &entropy, &secp_ctx, 1000)
800 assert_eq!(refund.payer_id(), node_id);
802 // Fails verification with altered fields
804 .respond_with_no_std(payment_paths(), payment_hash(), recipient_pubkey(), now())
807 .sign(recipient_sign).unwrap();
808 assert!(invoice.verify(&expanded_key, &secp_ctx));
810 let mut tlv_stream = refund.as_tlv_stream();
811 tlv_stream.2.amount = Some(2000);
813 let mut encoded_refund = Vec::new();
814 tlv_stream.write(&mut encoded_refund).unwrap();
816 let invoice = Refund::try_from(encoded_refund).unwrap()
817 .respond_with_no_std(payment_paths(), payment_hash(), recipient_pubkey(), now())
820 .sign(recipient_sign).unwrap();
821 assert!(!invoice.verify(&expanded_key, &secp_ctx));
823 // Fails verification with altered metadata
824 let mut tlv_stream = refund.as_tlv_stream();
825 let metadata = tlv_stream.0.metadata.unwrap().iter().copied().rev().collect();
826 tlv_stream.0.metadata = Some(&metadata);
828 let mut encoded_refund = Vec::new();
829 tlv_stream.write(&mut encoded_refund).unwrap();
831 let invoice = Refund::try_from(encoded_refund).unwrap()
832 .respond_with_no_std(payment_paths(), payment_hash(), recipient_pubkey(), now())
835 .sign(recipient_sign).unwrap();
836 assert!(!invoice.verify(&expanded_key, &secp_ctx));
840 fn builds_refund_with_derived_payer_id() {
841 let desc = "foo".to_string();
842 let node_id = payer_pubkey();
843 let expanded_key = ExpandedKey::new(&KeyMaterial([42; 32]));
844 let entropy = FixedEntropy {};
845 let secp_ctx = Secp256k1::new();
847 let blinded_path = BlindedPath {
848 introduction_node_id: pubkey(40),
849 blinding_point: pubkey(41),
851 BlindedHop { blinded_node_id: pubkey(43), encrypted_payload: vec![0; 43] },
852 BlindedHop { blinded_node_id: node_id, encrypted_payload: vec![0; 44] },
856 let refund = RefundBuilder
857 ::deriving_payer_id(desc, node_id, &expanded_key, &entropy, &secp_ctx, 1000)
861 assert_ne!(refund.payer_id(), node_id);
864 .respond_with_no_std(payment_paths(), payment_hash(), recipient_pubkey(), now())
867 .sign(recipient_sign).unwrap();
868 assert!(invoice.verify(&expanded_key, &secp_ctx));
870 // Fails verification with altered fields
871 let mut tlv_stream = refund.as_tlv_stream();
872 tlv_stream.2.amount = Some(2000);
874 let mut encoded_refund = Vec::new();
875 tlv_stream.write(&mut encoded_refund).unwrap();
877 let invoice = Refund::try_from(encoded_refund).unwrap()
878 .respond_with_no_std(payment_paths(), payment_hash(), recipient_pubkey(), now())
881 .sign(recipient_sign).unwrap();
882 assert!(!invoice.verify(&expanded_key, &secp_ctx));
884 // Fails verification with altered payer_id
885 let mut tlv_stream = refund.as_tlv_stream();
886 let payer_id = pubkey(1);
887 tlv_stream.2.payer_id = Some(&payer_id);
889 let mut encoded_refund = Vec::new();
890 tlv_stream.write(&mut encoded_refund).unwrap();
892 let invoice = Refund::try_from(encoded_refund).unwrap()
893 .respond_with_no_std(payment_paths(), payment_hash(), recipient_pubkey(), now())
896 .sign(recipient_sign).unwrap();
897 assert!(!invoice.verify(&expanded_key, &secp_ctx));
901 fn builds_refund_with_absolute_expiry() {
902 let future_expiry = Duration::from_secs(u64::max_value());
903 let past_expiry = Duration::from_secs(0);
905 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
906 .absolute_expiry(future_expiry)
909 let (_, tlv_stream, _) = refund.as_tlv_stream();
910 #[cfg(feature = "std")]
911 assert!(!refund.is_expired());
912 assert_eq!(refund.absolute_expiry(), Some(future_expiry));
913 assert_eq!(tlv_stream.absolute_expiry, Some(future_expiry.as_secs()));
915 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
916 .absolute_expiry(future_expiry)
917 .absolute_expiry(past_expiry)
920 let (_, tlv_stream, _) = refund.as_tlv_stream();
921 #[cfg(feature = "std")]
922 assert!(refund.is_expired());
923 assert_eq!(refund.absolute_expiry(), Some(past_expiry));
924 assert_eq!(tlv_stream.absolute_expiry, Some(past_expiry.as_secs()));
928 fn builds_refund_with_paths() {
931 introduction_node_id: pubkey(40),
932 blinding_point: pubkey(41),
934 BlindedHop { blinded_node_id: pubkey(43), encrypted_payload: vec![0; 43] },
935 BlindedHop { blinded_node_id: pubkey(44), encrypted_payload: vec![0; 44] },
939 introduction_node_id: pubkey(40),
940 blinding_point: pubkey(41),
942 BlindedHop { blinded_node_id: pubkey(45), encrypted_payload: vec![0; 45] },
943 BlindedHop { blinded_node_id: pubkey(46), encrypted_payload: vec![0; 46] },
948 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
949 .path(paths[0].clone())
950 .path(paths[1].clone())
953 let (_, offer_tlv_stream, invoice_request_tlv_stream) = refund.as_tlv_stream();
954 assert_eq!(refund.paths(), paths.as_slice());
955 assert_eq!(refund.payer_id(), pubkey(42));
956 assert_ne!(pubkey(42), pubkey(44));
957 assert_eq!(offer_tlv_stream.paths, Some(&paths));
958 assert_eq!(invoice_request_tlv_stream.payer_id, Some(&pubkey(42)));
962 fn builds_refund_with_issuer() {
963 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
964 .issuer("bar".into())
967 let (_, tlv_stream, _) = refund.as_tlv_stream();
968 assert_eq!(refund.issuer(), Some(PrintableString("bar")));
969 assert_eq!(tlv_stream.issuer, Some(&String::from("bar")));
971 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
972 .issuer("bar".into())
973 .issuer("baz".into())
976 let (_, tlv_stream, _) = refund.as_tlv_stream();
977 assert_eq!(refund.issuer(), Some(PrintableString("baz")));
978 assert_eq!(tlv_stream.issuer, Some(&String::from("baz")));
982 fn builds_refund_with_chain() {
983 let mainnet = ChainHash::using_genesis_block(Network::Bitcoin);
984 let testnet = ChainHash::using_genesis_block(Network::Testnet);
986 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
987 .chain(Network::Bitcoin)
989 let (_, _, tlv_stream) = refund.as_tlv_stream();
990 assert_eq!(refund.chain(), mainnet);
991 assert_eq!(tlv_stream.chain, None);
993 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
994 .chain(Network::Testnet)
996 let (_, _, tlv_stream) = refund.as_tlv_stream();
997 assert_eq!(refund.chain(), testnet);
998 assert_eq!(tlv_stream.chain, Some(&testnet));
1000 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1001 .chain(Network::Regtest)
1002 .chain(Network::Testnet)
1004 let (_, _, tlv_stream) = refund.as_tlv_stream();
1005 assert_eq!(refund.chain(), testnet);
1006 assert_eq!(tlv_stream.chain, Some(&testnet));
1010 fn builds_refund_with_quantity() {
1011 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1014 let (_, _, tlv_stream) = refund.as_tlv_stream();
1015 assert_eq!(refund.quantity(), Some(10));
1016 assert_eq!(tlv_stream.quantity, Some(10));
1018 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1022 let (_, _, tlv_stream) = refund.as_tlv_stream();
1023 assert_eq!(refund.quantity(), Some(1));
1024 assert_eq!(tlv_stream.quantity, Some(1));
1028 fn builds_refund_with_payer_note() {
1029 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1030 .payer_note("bar".into())
1032 let (_, _, tlv_stream) = refund.as_tlv_stream();
1033 assert_eq!(refund.payer_note(), Some(PrintableString("bar")));
1034 assert_eq!(tlv_stream.payer_note, Some(&String::from("bar")));
1036 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1037 .payer_note("bar".into())
1038 .payer_note("baz".into())
1040 let (_, _, tlv_stream) = refund.as_tlv_stream();
1041 assert_eq!(refund.payer_note(), Some(PrintableString("baz")));
1042 assert_eq!(tlv_stream.payer_note, Some(&String::from("baz")));
1046 fn fails_responding_with_unknown_required_features() {
1047 match RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1048 .features_unchecked(InvoiceRequestFeatures::unknown())
1050 .respond_with_no_std(payment_paths(), payment_hash(), recipient_pubkey(), now())
1052 Ok(_) => panic!("expected error"),
1053 Err(e) => assert_eq!(e, SemanticError::UnknownRequiredFeatures),
1058 fn parses_refund_with_metadata() {
1059 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1061 if let Err(e) = refund.to_string().parse::<Refund>() {
1062 panic!("error parsing refund: {:?}", e);
1065 let mut tlv_stream = refund.as_tlv_stream();
1066 tlv_stream.0.metadata = None;
1068 match Refund::try_from(tlv_stream.to_bytes()) {
1069 Ok(_) => panic!("expected error"),
1071 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::MissingPayerMetadata));
1077 fn parses_refund_with_description() {
1078 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1080 if let Err(e) = refund.to_string().parse::<Refund>() {
1081 panic!("error parsing refund: {:?}", e);
1084 let mut tlv_stream = refund.as_tlv_stream();
1085 tlv_stream.1.description = None;
1087 match Refund::try_from(tlv_stream.to_bytes()) {
1088 Ok(_) => panic!("expected error"),
1090 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::MissingDescription));
1096 fn parses_refund_with_amount() {
1097 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1099 if let Err(e) = refund.to_string().parse::<Refund>() {
1100 panic!("error parsing refund: {:?}", e);
1103 let mut tlv_stream = refund.as_tlv_stream();
1104 tlv_stream.2.amount = None;
1106 match Refund::try_from(tlv_stream.to_bytes()) {
1107 Ok(_) => panic!("expected error"),
1109 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::MissingAmount));
1113 let mut tlv_stream = refund.as_tlv_stream();
1114 tlv_stream.2.amount = Some(MAX_VALUE_MSAT + 1);
1116 match Refund::try_from(tlv_stream.to_bytes()) {
1117 Ok(_) => panic!("expected error"),
1119 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::InvalidAmount));
1125 fn parses_refund_with_payer_id() {
1126 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1128 if let Err(e) = refund.to_string().parse::<Refund>() {
1129 panic!("error parsing refund: {:?}", e);
1132 let mut tlv_stream = refund.as_tlv_stream();
1133 tlv_stream.2.payer_id = None;
1135 match Refund::try_from(tlv_stream.to_bytes()) {
1136 Ok(_) => panic!("expected error"),
1138 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::MissingPayerId));
1144 fn parses_refund_with_optional_fields() {
1145 let past_expiry = Duration::from_secs(0);
1148 introduction_node_id: pubkey(40),
1149 blinding_point: pubkey(41),
1151 BlindedHop { blinded_node_id: pubkey(43), encrypted_payload: vec![0; 43] },
1152 BlindedHop { blinded_node_id: pubkey(44), encrypted_payload: vec![0; 44] },
1156 introduction_node_id: pubkey(40),
1157 blinding_point: pubkey(41),
1159 BlindedHop { blinded_node_id: pubkey(45), encrypted_payload: vec![0; 45] },
1160 BlindedHop { blinded_node_id: pubkey(46), encrypted_payload: vec![0; 46] },
1165 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1166 .absolute_expiry(past_expiry)
1167 .issuer("bar".into())
1168 .path(paths[0].clone())
1169 .path(paths[1].clone())
1170 .chain(Network::Testnet)
1171 .features_unchecked(InvoiceRequestFeatures::unknown())
1173 .payer_note("baz".into())
1176 match refund.to_string().parse::<Refund>() {
1178 assert_eq!(refund.absolute_expiry(), Some(past_expiry));
1179 #[cfg(feature = "std")]
1180 assert!(refund.is_expired());
1181 assert_eq!(refund.paths(), &paths[..]);
1182 assert_eq!(refund.issuer(), Some(PrintableString("bar")));
1183 assert_eq!(refund.chain(), ChainHash::using_genesis_block(Network::Testnet));
1184 assert_eq!(refund.features(), &InvoiceRequestFeatures::unknown());
1185 assert_eq!(refund.quantity(), Some(10));
1186 assert_eq!(refund.payer_note(), Some(PrintableString("baz")));
1188 Err(e) => panic!("error parsing refund: {:?}", e),
1193 fn fails_parsing_refund_with_unexpected_fields() {
1194 let refund = RefundBuilder::new("foo".into(), vec![1; 32], payer_pubkey(), 1000).unwrap()
1196 if let Err(e) = refund.to_string().parse::<Refund>() {
1197 panic!("error parsing refund: {:?}", e);
1200 let metadata = vec![42; 32];
1201 let mut tlv_stream = refund.as_tlv_stream();
1202 tlv_stream.1.metadata = Some(&metadata);
1204 match Refund::try_from(tlv_stream.to_bytes()) {
1205 Ok(_) => panic!("expected error"),
1207 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::UnexpectedMetadata));
1211 let chains = vec![ChainHash::using_genesis_block(Network::Testnet)];
1212 let mut tlv_stream = refund.as_tlv_stream();
1213 tlv_stream.1.chains = Some(&chains);
1215 match Refund::try_from(tlv_stream.to_bytes()) {
1216 Ok(_) => panic!("expected error"),
1218 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::UnexpectedChain));
1222 let mut tlv_stream = refund.as_tlv_stream();
1223 tlv_stream.1.currency = Some(&b"USD");
1224 tlv_stream.1.amount = Some(1000);
1226 match Refund::try_from(tlv_stream.to_bytes()) {
1227 Ok(_) => panic!("expected error"),
1229 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::UnexpectedAmount));
1233 let features = OfferFeatures::unknown();
1234 let mut tlv_stream = refund.as_tlv_stream();
1235 tlv_stream.1.features = Some(&features);
1237 match Refund::try_from(tlv_stream.to_bytes()) {
1238 Ok(_) => panic!("expected error"),
1240 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::UnexpectedFeatures));
1244 let mut tlv_stream = refund.as_tlv_stream();
1245 tlv_stream.1.quantity_max = Some(10);
1247 match Refund::try_from(tlv_stream.to_bytes()) {
1248 Ok(_) => panic!("expected error"),
1250 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::UnexpectedQuantity));
1254 let node_id = payer_pubkey();
1255 let mut tlv_stream = refund.as_tlv_stream();
1256 tlv_stream.1.node_id = Some(&node_id);
1258 match Refund::try_from(tlv_stream.to_bytes()) {
1259 Ok(_) => panic!("expected error"),
1261 assert_eq!(e, ParseError::InvalidSemantics(SemanticError::UnexpectedSigningPubkey));
1267 fn fails_parsing_refund_with_extra_tlv_records() {
1268 let secp_ctx = Secp256k1::new();
1269 let keys = KeyPair::from_secret_key(&secp_ctx, &SecretKey::from_slice(&[42; 32]).unwrap());
1270 let refund = RefundBuilder::new("foo".into(), vec![1; 32], keys.public_key(), 1000).unwrap()
1273 let mut encoded_refund = Vec::new();
1274 refund.write(&mut encoded_refund).unwrap();
1275 BigSize(1002).write(&mut encoded_refund).unwrap();
1276 BigSize(32).write(&mut encoded_refund).unwrap();
1277 [42u8; 32].write(&mut encoded_refund).unwrap();
1279 match Refund::try_from(encoded_refund) {
1280 Ok(_) => panic!("expected error"),
1281 Err(e) => assert_eq!(e, ParseError::Decode(DecodeError::InvalidValue)),